8.7
CVE-2015-10145 - Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shelβ¦
7.1
CVE-2025-53235 - WordPress Easy Social plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social easy-social-media allows Reflected XSS.This issue affects Easy Social: from n/a through <= 1.3.
7.1
CVE-2025-52739 - WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3.
7.1
CVE-2025-50053 - WordPress Blappsta Mobile App Plugin β Your native, mobile iPhone App and Android App Plugin <= 0.8β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin β Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin β Your native, mobile iPhone Appβ¦
7.1
CVE-2025-47566 - WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91.
7.1
CVE-2025-31054 - WordPress Bloggie theme <= 2.0.8 - Cross Site Scripting (XSS) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8.
8.5
CVE-2025-30628 - WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.β¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Compoβ¦
0.0
CVE-2025-28973 - WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0.
8.5
CVE-2025-28949 - WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.
7.1
CVE-2025-23757 - WordPress ZD Scribd iPaper plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper zd-scribd-ipaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through <= 1.0.